thepopebot 1.2.70-beta.8 → 1.2.70

package/README.md

@@ -1,12 +1,4 @@
-# thepopebot
-
-**Autonomous AI agents. All the power. None of the leaked API keys.**
-
----
-
-## Why thepopebot?
-
-**Secure by default** — Other frameworks hand credentials to the LLM and hope for the best. thepopebot is different: the AI literally cannot access your secrets, even if it tries. Secrets are filtered at the process level before the agent's shell even starts.
+# Why thepopebot?
 
 **The repository IS the agent** — Every action your agent takes is a git commit. You can see exactly what it did, when, and why. If it screws up, revert it. Want to clone your agent? Fork the repo — code, personality, scheduled jobs, full history, all of it goes with your fork.
 
@@ -56,15 +48,9 @@ You interact with your bot via the web chat interface or Telegram (optional). Th
 
 ---
 
-## Get FREE server time on Github!
-
-| | thepopebot | Other platforms |
-|---|---|---|
-| **Public repos** | Free. $0. GitHub Actions doesn't charge. | $20-100+/month |
-| **Private repos** | 2,000 free minutes/month (every GitHub plan, including free) | $20-100+/month |
-| **Infrastructure** | GitHub Actions (already included) | Dedicated servers |
+## Star History
 
-You just bring your own [Anthropic API key](https://console.anthropic.com/).
+[![Star History Chart](https://api.star-history.com/svg?repos=stephengpope/thepopebot&type=date&legend=top-left)](https://www.star-history.com/#stephengpope/thepopebot&type=date&legend=top-left)
 
 ---
 
@@ -124,12 +110,6 @@ docker compose up -d
 
 ---
 
-## Star History
-
-[![Star History Chart](https://api.star-history.com/svg?repos=stephengpope/thepopebot&type=date&legend=top-left)](https://www.star-history.com/#stephengpope/thepopebot&type=date&legend=top-left)
-
----
-
 ## Manual Updating
 
 **1. Update the package**
@@ -144,7 +124,26 @@ npm install thepopebot@latest
 npx thepopebot init
 ```
 
-For most people, that's it — `init` handles everything. It updates your project files, runs `npm install`, and updates `THEPOPEBOT_VERSION` in your local `.env`.
+For most people, that's it — `init` handles everything. It updates your project files, runs `npm install`, and updates `THEPOPEBOT_VERSION` in your local `.env`. See [Understanding `init`](#understanding-init) below for details on what this updates and how to handle custom changes.
+
+**3. Rebuild for local dev**
+
+```bash
+npm run build
+```
+
+**4. Commit and push**
+
+```bash
+git add -A && git commit -m "upgrade thepopebot to vX.X.X"
+git push
+```
+
+Pushing to `main` triggers the `rebuild-event-handler.yml` workflow on your server. It detects the version change, runs `thepopebot init`, updates `THEPOPEBOT_VERSION` in the server's `.env`, pulls the new Docker image, restarts the container, rebuilds `.next`, and reloads PM2 — no manual `docker compose` needed.
+
+> **Upgrade failed?** See [Recovering from a Failed Upgrade](docs/UPGRADE.md#recovering-from-a-failed-upgrade).
+
+### Understanding `init`
 
 #### How your project is structured
 
@@ -154,7 +153,7 @@ When you ran `thepopebot init` the first time, it scaffolded a project folder wi
 
 | Files | What they do |
 |-------|-------------|
-| `config/SOUL.md`, `CHATBOT.md`, `AGENT.md`, etc. | Your agent's personality, behavior, and prompts |
+| `config/SOUL.md`, `EVENT_HANDLER.md`, `AGENT.md`, etc. | Your agent's personality, behavior, and prompts |
 | `config/CRONS.json`, `TRIGGERS.json` | Your scheduled jobs and webhook triggers |
 | `app/` | Next.js pages and UI components |
 | `docker/job/` | The Dockerfile for your agent's job container |
@@ -198,21 +197,6 @@ If you've made custom changes to managed files (e.g., added extra steps to a Git
 npx thepopebot init --no-managed
 ```
 
-**3. Rebuild for local dev**
-
-```bash
-npm run build
-```
-
-**4. Commit and push**
-
-```bash
-git add -A && git commit -m "upgrade thepopebot to vX.X.X"
-git push
-```
-
-Pushing to `main` triggers the `rebuild-event-handler.yml` workflow on your server. It detects the version change, runs `thepopebot init`, updates `THEPOPEBOT_VERSION` in the server's `.env`, pulls the new Docker image, restarts the container, rebuilds `.next`, and reloads PM2 — no manual `docker compose` needed.
-
 ---
 
 ## CLI Commands
@@ -269,88 +253,11 @@ The `templates/` directory contains files scaffolded into user projects by `thep
 
 ---
 
-## Production Deployment
-
-Deploy your agent to a cloud VPS with HTTPS.
-
-### 1. Server prerequisites
-
-You need a VPS (any provider — Hetzner, DigitalOcean, AWS, etc.) with:
-
-- Docker + Docker Compose
-- Node.js 18+
-- Git
-- GitHub CLI (`gh`)
-
-Point a domain (e.g., `mybot.example.com`) to your server's IP address with a DNS A record.
-
-### 2. Scaffold and configure
-
-SSH into your server and scaffold the project:
-
-```bash
-mkdir my-agent && cd my-agent
-npx thepopebot@latest init
-npm run setup
-```
-
-When the setup wizard asks for `APP_URL`, enter your production URL with `https://` (e.g., `https://mybot.example.com`).
-
-Set the `RUNS_ON` GitHub variable so workflows use your server's self-hosted runner instead of GitHub-hosted runners:
-
-```bash
-gh variable set RUNS_ON --body "self-hosted" --repo OWNER/REPO
-```
-
-### 3. Enable HTTPS (Let's Encrypt)
-
-The `docker-compose.yml` has Let's Encrypt support built in but commented out. Three edits to enable it:
-
-**a) Add your email to `.env`:**
-
-```
-LETSENCRYPT_EMAIL=you@example.com
-```
-
-**b) In `docker-compose.yml`, remove the `#` from the TLS lines in the traefik service command:**
-
-```yaml
-# Before (commented out):
-# - --entrypoints.web.http.redirections.entrypoint.to=websecure
-# ...
-
-# After (uncommented):
-- --entrypoints.web.http.redirections.entrypoint.to=websecure
-- --entrypoints.web.http.redirections.entrypoint.scheme=https
-- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
-- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
-- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
-```
-
-**c) In the event-handler labels, switch from HTTP to HTTPS:**
-
-Add a `#` to comment out the HTTP entrypoint, and remove the `#` from the two HTTPS lines:
-
-```yaml
-# Before:
-- traefik.http.routers.event-handler.entrypoints=web
-# - traefik.http.routers.event-handler.entrypoints=websecure
-# - traefik.http.routers.event-handler.tls.certresolver=letsencrypt
-
-# After:
-# - traefik.http.routers.event-handler.entrypoints=web
-- traefik.http.routers.event-handler.entrypoints=websecure
-- traefik.http.routers.event-handler.tls.certresolver=letsencrypt
-```
-
-### 4. Build and launch
+## Security
 
-```bash
-npm run build
-docker compose up -d
-```
+thepopebot includes API key authentication, webhook secret validation (fail-closed), session encryption, secret filtering in the Docker agent, and auto-merge path restrictions. However, all software carries risk — thepopebot is provided as-is, and you are responsible for securing your own infrastructure. If you're running locally with a tunnel (ngrok, Cloudflare Tunnel, port forwarding), be aware that your dev server endpoints are publicly accessible with no rate limiting and no TLS on the local hop.
 
-Ports 80 and 443 must be open on your server. Port 80 is required even with HTTPS — Let's Encrypt uses it for the ACME HTTP challenge to verify domain ownership.
+See [docs/SECURITY.md](docs/SECURITY.md) for full details on what's exposed, the risks, and recommendations.
 
 ---
 
@@ -363,7 +270,9 @@ Ports 80 and 443 must be open on your server. Port 80 is required even with HTTP
 | [Customization](docs/CUSTOMIZATION.md) | Personality, skills, operating system files, using your bot, security details |
 | [Chat Integrations](docs/CHAT_INTEGRATIONS.md) | Web chat, Telegram, adding new channels |
 | [Auto-Merge](docs/AUTO_MERGE.md) | Auto-merge controls, ALLOWED_PATHS configuration |
+| [Deployment](docs/DEPLOYMENT.md) | VPS setup, Docker Compose, HTTPS with Let's Encrypt |
 | [How to Use Pi](docs/HOW_TO_USE_PI.md) | Guide to the Pi coding agent |
+| [Pre-Release](docs/PRE_RELEASE.md) | Installing beta/alpha builds, going back to stable |
 | [Security](docs/SECURITY.md) | Security disclaimer, local development risks |
 | [Upgrading](docs/UPGRADE.md) | Automated upgrades, recovering from failed upgrades |
 
@@ -372,45 +281,3 @@ Ports 80 and 443 must be open on your server. Port 80 is required even with HTTP
 | Document | Description |
 |----------|-------------|
 | [NPM](docs/NPM.md) | Updating pi-skills, versioning, and publishing releases |
-
----
-
-## Security
-
-thepopebot includes API key authentication, webhook secret validation (fail-closed), session encryption, secret filtering in the Docker agent, and auto-merge path restrictions. However, all software carries risk — thepopebot is provided as-is, and you are responsible for securing your own infrastructure. If you're running locally with a tunnel (ngrok, Cloudflare Tunnel, port forwarding), be aware that your dev server endpoints are publicly accessible with no rate limiting and no TLS on the local hop.
-
-See [docs/SECURITY.md](docs/SECURITY.md) for full details on what's exposed, the risks, and recommendations.
-
----
-
-## Pre-Release Versions
-
-Pre-release builds (beta, alpha, rc) are published to separate npm dist-tags. They won't be installed by normal `npm update` or `thepopebot init` — you have to opt in explicitly.
-
-**Install the latest pre-release:**
-
-```bash
-mkdir my-agent && cd my-agent
-npx thepopebot@beta init
-```
-
-**Install a specific version:**
-
-```bash
-npx thepopebot@1.3.0-beta.1 init
-```
-
-**Check available versions:**
-
-```bash
-npm info thepopebot
-```
-
-**Go back to stable:**
-
-```bash
-npm install thepopebot@latest
-npx thepopebot init
-```
-
-Pre-releases may contain breaking changes or incomplete features. Use them for testing and feedback — not production agents.

package/lib/ai/agent.js

@@ -1,9 +1,9 @@
 import { createReactAgent } from '@langchain/langgraph/prebuilt';
 import { SystemMessage } from '@langchain/core/messages';
 import { createModel } from './model.js';
-import { createJobTool, getJobStatusTool } from './tools.js';
+import { createJobTool, getJobStatusTool, getSystemTechnicalSpecsTool, getPiSkillCreationGuideTool } from './tools.js';
 import { SqliteSaver } from '@langchain/langgraph-checkpoint-sqlite';
-import { chatbotMd, thepopebotDb } from '../paths.js';
+import { eventHandlerMd, thepopebotDb } from '../paths.js';
 import { render_md } from '../utils/render-md.js';
 
 let _agent = null;
@@ -16,14 +16,14 @@ let _agent = null;
 export async function getAgent() {
   if (!_agent) {
     const model = await createModel();
-    const tools = [createJobTool, getJobStatusTool];
+    const tools = [createJobTool, getJobStatusTool, getSystemTechnicalSpecsTool, getPiSkillCreationGuideTool];
     const checkpointer = SqliteSaver.fromConnString(thepopebotDb);
 
     _agent = createReactAgent({
       llm: model,
       tools,
       checkpointSaver: checkpointer,
-      prompt: (state) => [new SystemMessage(render_md(chatbotMd)), ...state.messages],
+      prompt: (state) => [new SystemMessage(render_md(eventHandlerMd)), ...state.messages],
     });
   }
   return _agent;

package/lib/ai/index.js

@@ -149,24 +149,45 @@ async function* chatStream(threadId, message, attachments = [], options = {}) {
     for await (const event of stream) {
       // streamMode: 'messages' yields [message, metadata] tuples
       const msg = Array.isArray(event) ? event[0] : event;
-      const isAI = msg._getType?.() === 'ai';
-      if (!isAI) continue;
-
-      // Content can be a string or an array of content blocks
-      let text = '';
-      if (typeof msg.content === 'string') {
-        text = msg.content;
-      } else if (Array.isArray(msg.content)) {
-        text = msg.content
-          .filter((b) => b.type === 'text' && b.text)
-          .map((b) => b.text)
-          .join('');
-      }
-
-      if (text) {
-        fullText += text;
-        yield text;
+      const msgType = msg._getType?.();
+
+      if (msgType === 'ai') {
+        // Tool calls — AIMessage.tool_calls is an array of { id, name, args }
+        if (msg.tool_calls?.length > 0) {
+          for (const tc of msg.tool_calls) {
+            yield {
+              type: 'tool-call',
+              toolCallId: tc.id,
+              toolName: tc.name,
+              args: tc.args,
+            };
+          }
+        }
+
+        // Text content (wrapped in structured object)
+        let text = '';
+        if (typeof msg.content === 'string') {
+          text = msg.content;
+        } else if (Array.isArray(msg.content)) {
+          text = msg.content
+            .filter((b) => b.type === 'text' && b.text)
+            .map((b) => b.text)
+            .join('');
+        }
+
+        if (text) {
+          fullText += text;
+          yield { type: 'text', text };
+        }
+      } else if (msgType === 'tool') {
+        // Tool result — ToolMessage has tool_call_id and content
+        yield {
+          type: 'tool-result',
+          toolCallId: msg.tool_call_id,
+          result: msg.content,
+        };
       }
+      // Skip other message types (human, system)
     }
 
     // Save assistant response to DB
@@ -192,7 +213,7 @@ async function autoTitle(threadId, firstMessage) {
     const chat = getChatById(threadId);
     if (!chat || chat.title !== 'New Chat') return;
 
-    const model = await createModel();
+    const model = await createModel({ maxTokens: 250 });
     const response = await model.invoke([
       ['system', 'Generate a short (3-6 word) title for this chat based on the user\'s first message. Return ONLY the title, nothing else.'],
       ['human', firstMessage],

package/lib/ai/tools.js

@@ -1,7 +1,9 @@
+import fs from 'fs';
 import { tool } from '@langchain/core/tools';
 import { z } from 'zod';
 import { createJob } from '../tools/create-job.js';
 import { getJobStatus } from '../tools/github.js';
+import { claudeMd, skillGuidePath } from '../paths.js';
 
 const createJobTool = tool(
   async ({ job_description }) => {
@@ -15,7 +17,7 @@ const createJobTool = tool(
   {
     name: 'create_job',
     description:
-      'Create an autonomous job for thepopebot to execute. Use this tool liberally - if the user asks for ANY task to be done, create a job. Jobs can handle code changes, file updates, research tasks, web scraping, data analysis, or anything requiring autonomous work. When the user explicitly asks for a job, ALWAYS use this tool. Returns the job ID and branch name.',
+      'Create an autonomous job that runs a Docker agent in a container. The Docker agent has full filesystem access, web search, browser automation, and other abilities. The job description you provide becomes the Docker agent\'s task prompt. Returns the job ID and branch name.',
     schema: z.object({
       job_description: z
         .string()
@@ -46,4 +48,36 @@ const getJobStatusTool = tool(
   }
 );
 
-export { createJobTool, getJobStatusTool };
+const getSystemTechnicalSpecsTool = tool(
+  async () => {
+    try {
+      return fs.readFileSync(claudeMd, 'utf8');
+    } catch {
+      return 'No technical documentation found (CLAUDE.md not present in project root).';
+    }
+  },
+  {
+    name: 'get_system_technical_specs',
+    description:
+      'Read the system architecture and technical documentation (CLAUDE.md). Use this when you need to understand how the system itself works — the event handler, Docker agent, API routes, database, cron/trigger configuration, GitHub Actions, deployment, or file structure. Use this before planning jobs that modify system configuration or infrastructure. NOT for Pi skill creation (use get_pi_skill_creation_guide for that).',
+    schema: z.object({}),
+  }
+);
+
+const getPiSkillCreationGuideTool = tool(
+  async () => {
+    try {
+      return fs.readFileSync(skillGuidePath, 'utf8');
+    } catch {
+      return 'Skill guide not found.';
+    }
+  },
+  {
+    name: 'get_pi_skill_creation_guide',
+    description:
+      'Load the guide for creating, modifying, and understanding Pi agent skills (pi-skills). Use this when the user wants to create a new skill, asks how skills work, wants to modify an existing skill, or when you need to understand the skill format (SKILL.md, {baseDir}, activation, testing). This is about Pi skills specifically — the lightweight bash/Node.js wrappers that extend what the Docker agent can do. NOT for understanding the system architecture (use get_system_technical_specs for that).',
+    schema: z.object({}),
+  }
+);
+
+export { createJobTool, getJobStatusTool, getSystemTechnicalSpecsTool, getPiSkillCreationGuideTool };

package/lib/auth/middleware.js

@@ -23,7 +23,27 @@ export const middleware = auth((req) => {
 
   // Everything else requires auth
   if (!req.auth) {
-    return NextResponse.redirect(new URL('/login', req.url));
+    const response = NextResponse.redirect(new URL('/login', req.url));
+
+    // Clear stale session cookies that can't be decrypted (e.g. after AUTH_SECRET rotation
+    // or container restart). Auth.js clears these internally in route handlers via
+    // sessionStore.clean(), but NOT in middleware — so the bad cookie loops forever.
+    // Only session-token cookies are cleared; csrf-token and callback-url are left intact.
+    const cookieNames = Object.keys(req.cookies.getAll().reduce((acc, c) => { acc[c.name] = true; return acc; }, {}));
+    const staleSessionCookies = cookieNames.filter(name =>
+      name === 'authjs.session-token' ||
+      name === '__Secure-authjs.session-token' ||
+      /^authjs\.session-token\.\d+$/.test(name) ||
+      /^__Secure-authjs\.session-token\.\d+$/.test(name)
+    );
+
+    if (staleSessionCookies.length > 0) {
+      for (const name of staleSessionCookies) {
+        response.cookies.set(name, '', { maxAge: 0, path: '/' });
+      }
+    }
+
+    return response;
   }
 });
 

package/lib/chat/api.js

@@ -81,17 +81,46 @@ export async function POST(request) {
       // Signal start of assistant message
       writer.write({ type: 'start' });
 
-      const textId = crypto.randomUUID();
       let textStarted = false;
+      let textId = crypto.randomUUID();
 
       for await (const chunk of chunks) {
-        if (!textStarted) {
-          writer.write({ type: 'text-start', id: textId });
-          textStarted = true;
+        if (chunk.type === 'text') {
+          if (!textStarted) {
+            textId = crypto.randomUUID();
+            writer.write({ type: 'text-start', id: textId });
+            textStarted = true;
+          }
+          writer.write({ type: 'text-delta', id: textId, delta: chunk.text });
+
+        } else if (chunk.type === 'tool-call') {
+          // Close any open text block before tool events
+          if (textStarted) {
+            writer.write({ type: 'text-end', id: textId });
+            textStarted = false;
+          }
+          writer.write({
+            type: 'tool-input-start',
+            toolCallId: chunk.toolCallId,
+            toolName: chunk.toolName,
+          });
+          writer.write({
+            type: 'tool-input-available',
+            toolCallId: chunk.toolCallId,
+            toolName: chunk.toolName,
+            input: chunk.args,
+          });
+
+        } else if (chunk.type === 'tool-result') {
+          writer.write({
+            type: 'tool-output-available',
+            toolCallId: chunk.toolCallId,
+            output: chunk.result,
+          });
         }
-        writer.write({ type: 'text-delta', id: textId, delta: chunk });
       }
 
+      // Close final text block if still open
       if (textStarted) {
         writer.write({ type: 'text-end', id: textId });
       }

package/lib/chat/components/app-sidebar.js

@@ -42,7 +42,7 @@ function AppSidebar({ user }) {
       /* @__PURE__ */ jsxs(SidebarHeader, { children: [
         /* @__PURE__ */ jsxs("div", { className: collapsed ? "flex justify-center" : "flex items-center justify-between", children: [
           !collapsed && /* @__PURE__ */ jsxs("span", { className: "px-2 font-semibold text-lg", children: [
-            "The Pope Bot",
+            "ThePopeBot",
             version && /* @__PURE__ */ jsxs("span", { className: "text-[11px] font-normal text-muted-foreground", children: [
               " v",
               version

package/lib/chat/components/app-sidebar.jsx

@@ -49,7 +49,7 @@ export function AppSidebar({ user }) {
         {/* Top row: brand name + toggle icon (open) or just toggle icon (collapsed) */}
         <div className={collapsed ? 'flex justify-center' : 'flex items-center justify-between'}>
           {!collapsed && (
-            <span className="px-2 font-semibold text-lg">The Pope Bot{version && <span className="text-[11px] font-normal text-muted-foreground"> v{version}</span>}</span>
+            <span className="px-2 font-semibold text-lg">ThePopeBot{version && <span className="text-[11px] font-normal text-muted-foreground"> v{version}</span>}</span>
           )}
           <Tooltip>
             <TooltipTrigger asChild>

package/lib/chat/components/icons.js

@@ -209,7 +209,7 @@ function PaperclipIcon({ size = 16 }) {
     }
   );
 }
-function XIcon({ size = 16 }) {
+function XIcon({ size = 16, className = "" }) {
   return /* @__PURE__ */ jsxs(
     "svg",
     {
@@ -222,6 +222,7 @@ function XIcon({ size = 16 }) {
       strokeLinejoin: "round",
       width: size,
       height: size,
+      className,
       children: [
         /* @__PURE__ */ jsx("path", { d: "M18 6 6 18" }),
         /* @__PURE__ */ jsx("path", { d: "m6 6 12 12" })
@@ -311,7 +312,7 @@ function RefreshIcon({ size = 16 }) {
     }
   );
 }
-function ChevronDownIcon({ size = 16 }) {
+function ChevronDownIcon({ size = 16, className = "" }) {
   return /* @__PURE__ */ jsx(
     "svg",
     {
@@ -324,6 +325,7 @@ function ChevronDownIcon({ size = 16 }) {
       strokeLinejoin: "round",
       width: size,
       height: size,
+      className,
       children: /* @__PURE__ */ jsx("path", { d: "m6 9 6 6 6-6" })
     }
   );
@@ -389,7 +391,7 @@ function CopyIcon({ size = 16 }) {
     }
   );
 }
-function CheckIcon({ size = 16 }) {
+function CheckIcon({ size = 16, className = "" }) {
   return /* @__PURE__ */ jsx(
     "svg",
     {
@@ -402,6 +404,7 @@ function CheckIcon({ size = 16 }) {
       strokeLinejoin: "round",
       width: size,
       height: size,
+      className,
       children: /* @__PURE__ */ jsx("path", { d: "M20 6 9 17l-5-5" })
     }
   );
@@ -635,6 +638,24 @@ function LifeBuoyIcon({ size = 16 }) {
     }
   );
 }
+function WrenchIcon({ size = 16, className = "" }) {
+  return /* @__PURE__ */ jsx(
+    "svg",
+    {
+      xmlns: "http://www.w3.org/2000/svg",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: 2,
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      width: size,
+      height: size,
+      className,
+      children: /* @__PURE__ */ jsx("path", { d: "M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z" })
+    }
+  );
+}
 function LogOutIcon({ size = 16 }) {
   return /* @__PURE__ */ jsxs(
     "svg",
@@ -688,6 +709,7 @@ export {
   SunIcon,
   SwarmIcon,
   TrashIcon,
+  WrenchIcon,
   XIcon,
   ZapIcon
 };

package/lib/chat/components/icons.jsx

@@ -205,7 +205,7 @@ export function PaperclipIcon({ size = 16 }) {
   );
 }
 
-export function XIcon({ size = 16 }) {
+export function XIcon({ size = 16, className = '' }) {
   return (
     <svg
       xmlns="http://www.w3.org/2000/svg"
@@ -217,6 +217,7 @@ export function XIcon({ size = 16 }) {
       strokeLinejoin="round"
       width={size}
       height={size}
+      className={className}
     >
       <path d="M18 6 6 18" />
       <path d="m6 6 12 12" />
@@ -304,7 +305,7 @@ export function RefreshIcon({ size = 16 }) {
   );
 }
 
-export function ChevronDownIcon({ size = 16 }) {
+export function ChevronDownIcon({ size = 16, className = '' }) {
   return (
     <svg
       xmlns="http://www.w3.org/2000/svg"
@@ -316,6 +317,7 @@ export function ChevronDownIcon({ size = 16 }) {
       strokeLinejoin="round"
       width={size}
       height={size}
+      className={className}
     >
       <path d="m6 9 6 6 6-6" />
     </svg>
@@ -380,7 +382,7 @@ export function CopyIcon({ size = 16 }) {
   );
 }
 
-export function CheckIcon({ size = 16 }) {
+export function CheckIcon({ size = 16, className = '' }) {
   return (
     <svg
       xmlns="http://www.w3.org/2000/svg"
@@ -392,6 +394,7 @@ export function CheckIcon({ size = 16 }) {
       strokeLinejoin="round"
       width={size}
       height={size}
+      className={className}
     >
       <path d="M20 6 9 17l-5-5" />
     </svg>
@@ -626,6 +629,25 @@ export function LifeBuoyIcon({ size = 16 }) {
   );
 }
 
+export function WrenchIcon({ size = 16, className = '' }) {
+  return (
+    <svg
+      xmlns="http://www.w3.org/2000/svg"
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      strokeWidth={2}
+      strokeLinecap="round"
+      strokeLinejoin="round"
+      width={size}
+      height={size}
+      className={className}
+    >
+      <path d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z" />
+    </svg>
+  );
+}
+
 export function LogOutIcon({ size = 16 }) {
   return (
     <svg